Online Social Network Security

Security is an important issue for the widespread application of social network. It is generally agreed that without the proper countermeasures in place, use of social network will be severely impeded and insecure.

Security Objectives

When developing an application, it is best to define security objectives and requirements early in the process. Security objectives are goals and constraints that affect the confidentiality, integrity, and availability of your data and application.

Identification of security objectives is the first step you can take to help ensure the security of your application, and it is also one of the most important steps. The objectives, once created, can be used to direct all the subsequent security activities that you perform. Security objectives do not remain static, but are influenced by later design and implementation activities.

Security objectives should be identified as early in the development process as possible, ideally in the requirements and analysis phase. The objectives, once created, can be used to direct all the subsequent security activities that you perform. Security objectives do not remain static, but are influenced by later design and implementation activities.

Identifying security objectives is an iterative process that is initially driven by an examination of the application’s requirements and usage scenarios. By the end of the requirements and analysis phase, you should have a first set of objectives that are not yet tied to design or implementation details. During the design phase, additional objectives will surface that are specific to the application architecture and design. During the implementation phase, you may discover a few additional objectives based upon specific technology or implementation choices that have an impact on overall application security.

Each evolution of the security objectives will affect other security activities. You should review the threat model, architecture and design review guidelines, and general code review guidelines when your security objectives change.

OSI (Open Systems Interconnection) Security Services

With regard to the framework of the OSI Reference Model, the authentication services require authentication information comprising locally stored information and data that is transferred to facilitate the authentication:

Authentication

These services provide for the authentication of a communicating peer entity and the source of data.

Access control

This service provides protection against unauthorized use of resources accessible via OSI.

Data confidentiality

These services provide for the protection of data from unauthorized disclosure.

Data integrity

These services counter active threats and may take one of the forms.

Non-repudiation

This service may take one or both of two forms: proof of origin or delivery.

Social Network Security Objectives

As mentioned in week 10, we know there are three main security objectives identified in the context of OSNs:

Privacy

Integrity

Availability

Privacy in OSNs encompasses user profile privacy, communication privacy, message confidentiality, and Information disclosure.

To be integrity, the user’s identity and data must be protected against unauthorized modification and tampering.

Availability of user profiles is consequently required as a basic feature. Besides availability of data access, message exchange among members should also be taken into consideration.

Differences between the social network security objectives and conventional online networks

1.    Confidentiality

In conventional online networks, privacy calls for data confidentiality, including connection confidentiality, connectionless confidentiality, selective field confidentiality, and traffic flow confidentiality.

However, in the OSN (Online Social Network), privacy means the possibility to hide any information about any user, even to the extent of hiding their participation in the OSN in the first place, requiring explicit disclosure leads to the need for access control.

2.    Integrity

Data integrity, in OSI, refers to five facets: connection integrity with recovery, connection integrity without recovery, selective field connection integrity, connectionless integrity, and selective field connectionless integrity.

In traditional social networks, the creation of personae, such as bogus accounts, cloned accounts, or other types of impersonation, is easy to achieve. Therefore integrity in the context of OSNs has to be extended to ensure the existence of real persons behind registered OSN members.

3.    Availability

Data access provides protection against unauthorized use of resources accessible via OSI. In OSNs, availability of user profiles is required as a basic feature, even though considering recreational use, including robustness against censorship, and the seizure or hijacking of names and other key words. Besides data access, availability, while message is exchanging among members, should be ensured as well.

References:

1.     http://security-objectives.com/

2.     http://en.wikipedia.org/wiki/Security_service_%28telecommunication%29

3.     lecture 10 (page 6 -10)

Social Network Analysis? What's that?

Brief Introduction

SNA (Social network analysis) has emerged as a key technique in modern sociology, which refers to methods to analyze social networks and social structures. Social network analysis views social relationships in terms of network theory consisting of nodes and ties.

Nodes are the individual actors within the networks, and ties are the relationships between the actors. Nodes are tied by one or more specific types of interdependency, such as friendship, kinship, common interest, financial exchange, dislike, sexual relationships, or relationships of beliefs, knowledge or prestige.

Case Study

Now we give an example to analyze the social network between notes.

This undirected sociogram describes a small social network composed of five social actors and a set of links. Here we just consider the one mode network.

1. General parameters

Degree

Density

Geodesic Distances

The degree of a node n_i, noted by d(n_i), is the number of nodes adjacent to it, including out-degree (the number of links pointing out of this node) and in-degree (the number of links pointing into of this node).

Density can measure the closeness of a network, is an indicator for the general level of connectedness of the graph.

Geodesic Distances, expressed by d(i, j), is the distance of the geodesic path between two i and j.

With regard to this instance, the degree of each notes are as following:

Notes	Degree
Alice	3
Bob	2
Carol	2
David	4
Eva	1

The density of this undirected graph is 0.6.

Geodesic Distances between two nodes are shown as below:

	Alice	Bob	Carol	David	Eva
Alice	—	1	1	1	2
Bob	1	—	2	1	2
Carol	1	2	—	1	2
David	1	1	1	—	1
Eva	2	2	2	1	—

What’s more, {Alice, Bob, David} and {Alice, Carol, David} are cliques.

2. Centrality

When identifying which nodes are in the center of the network, here we consider three standard centrality measures to capture a wide range of “importance” in the network:

          Degree Centrality

          Closeness Centrality

          Betweenness Centrality

Historically first and conceptually simplest is degree centrality, which is defined as the number of links incident upon a node (i.e., the number of ties that a node has). The degree can be interpreted in terms of the immediate risk of a node for catching whatever is flowing through the network (such as a virus, or some information).

In graphs there is a natural distance metric between all pairs of nodes, defined by the length of their shortest paths. The farness of a node s is defined as the sum of its distances to all other nodes, and its closeness is defined as the inverse of the farness. Thus, a node is the more central the lower its total distance to all other nodes. Closeness can be regarded as a measure of how long it will take to spread information from s to all other nodes sequentially.

Betweenness is a centrality measure of a vertex within a graph (there is also edge betweenness, which is not discussed here). It was introduced as a measure for quantifying the control of a human on the communication between other humans in a social network by Linton Freeman. In his conception, vertices that have a high probability to occur on a randomly chosen shortest path between two randomly chosen nodes have a high betweenness.

With regard to this instance, the degree centrality of each notes are as following:

Notes	Degree Centrality	Closeness Centrality	Betweenness Centrality
Alice	0.6	0.8	0.08
Bob	0.4	0.67	0
Carol	0.4	0.67	0
David	0.8	1	0.58
Eva	0.2	0.57	0

           (the results above have been normalized)

Related Formulas:

(a) Degree Centrality: C’_D(n_i) = d(n_i)/(g-1)；,

(b) Closeness Centrality:   

            

            









(c) Betweenness Centrality:       


           

             

 and g_jk = the number of geodesics connecting jk, g_jk(n_i) = the number that actor i is on.

3. Influence Range

There is another measurement called Influence Range to show the set of actors who are reachable from the given node. This refined closeness centrality can be figured up by

               

J_i is the number of actors in the influence range of actor i (excluding i itself).

The computing results is:

Notes	Closeness Centrality (refined)
Alice	0.75
Bob	0.5
Carol	0.5
David	1
Eva	0.25

This index is a ratio of the fraction of the actors in the group who are reachable, to the average distance that these actors are from the actor n_i.

4. Matrices for SNA

Matrix is a very important concept in SNA, and the primary matrix is called the adjacency matrix, or sociomatrix.

With regard to this example:

	Alice	Bob	Carol	David	Eva
Alice	—	1	1	1	0
Bob	1	—	0	1	0
Carol	1	0	—	1	0
David	1	1	1	—	1
Eva	0	0	0	1	—

                                           X=

	n1	n2	n3	n4	n5
n1	—	1	1	1	0
n2	1	—	0	1	0
n3	1	0	—	1	0
n4	1	1	1	—	1
n5	0	0	0	1	—

Case conclusion:

According to the computing results, we find David is in the “center” of the network, which means he is the key player and is the most influential note.

What we can know from the above instance:

Social Network Analysis is not just about graphs and data. Once a graph is drawn, you can measure it. Social network metrics reveal much about the nodes, and the clusters they form. Who knows what is going on? Who wields power or influence? Who is a key connector? Who is in the "thick of things" in this conspiracy? In this example, our calculations reveal that David is most important node in the network.

The common wisdom is that only big business and government use social network analysis. Yet, there are many individuals and groups that are learning the craft, and solving local problems. Although social network analysis can not be learned by reading a book, it does not require a PhD either. Any intelligent person, under the right guidance, and with the proper tools, can apply the methodology to an appropriate problem and gain enormous insight into what was previously hidden.

References:

1.        http://en.wikipedia.org/wiki/Centrality

2.        http://www.orgnet.com/index.html

Social Media Marketing

In the last two weeks, we focused our lectures on three main points as following:

1.     How to write blogs (blogosphere)

2.     Social media marketing &Social commerce

3.     Social multimedia computing

All of us have written diaries, but how to write blogs, which are also a type of journal, however, published on the WWW, are what I haven’t known. Many tips are given, such as what are your topics of your blogs and how do adequate research for your topic. When it comes to professional blogs writing, how to achieve this level? I got answers on lecture 4 either.

A new-style marketing-Social Media Marketing, which has changed the way of traditional marketing and even online marketing, was also introduced in lecture4. Not only for me, but also for other students, it is a late-model marketing field, I reckon. It is a potential commerce, which will be thriving in the near future long with the wide use of Internet and social media.

With regard to social multimedia computing, lecture 5 introduces the basic definition, its application and even related research issues as well as challenges we are facing.

Both two lectures enrich my knowledge in the field of social network. However, if I want to gain extensive information or even epistemic level cognition, I must devote my time and effort to keep on studying.

And what impressed me most in these two weeks’ study is Social Media Marketing, which usually centers on efforts to create content that attracts attention and encourages readers to share it with their social networks.

Social media marketing refers to the process of gaining website traffic or attention through social media sites. On this platform, such as Tweet, Facebook, and Google+, a corporate message spreads from user to user and presumably resonates because it appears to come from a trusted, third-party source, as opposed to the brand or company itself.

How to implement an effective social medial marketing? Here are the key things you should be considered, and the key decisions you need to make to achieve a good workable Social Media Marketing plan.

The first thing is to decide on your goals. In structuring your goals, make them as simple as possible and make them as measurable as possible. Unless you have an atrocious brand image, I recommend going for more sales leads

The second thing you need to do is choose your media channel or channels. The simple fact is that one or two channels may give you 90% of the effectiveness that seven channels would. I mentioned two channels because one channel is almost always your corporate blog. We will come back to blogging in future columns, but blog is usually the center of your social media strategy.

The third item is allocating resources. You’ve figured out what you have to do; now you need to figure out who is going to do. Who is in charge overall? Who is writing the content? Who is participating in forums like the Linkln groups?

And the last step is adjust, alter, amend and adapt, including experimenting with all facets of your social media marketing, whether it’s length of content, hoe often you put content out here, subject lines, response forms and so on. Constant tweaking to make things a little bit better is one of the hallmarks of Social Media Marketing.

I hope the guidelines above will help you perform well on your way to a solid framework for Social Media Marketing campaign.

So far, these are my epistemic cognition in terms of Social Media Marketing.

References: 
http://en.wikipedia.org/wiki/Social_media_marketing 

http://www.business2community.com/social-media/social-media-marketing-basics-for-small-business-owners-0140925

Epistemic Cognition

Even though I have come to and gained more benefits from various social network, like renren, youku, and any other types of website environment through the interactions with other members or groups, I’m lack of systemic knowledge of this field. The following are what I have obtained from this subject in lecture 1 to 3.

1.     Basic theoretical knowledge. Such as the definition of social network, social networking and social media, as well as the relationship among them.

2.     The development of social network related technologies and applications, in addition, the present situation.

3.     How our brain works in the cognitive processing and memory and how our mind is engaged in social networking environment.

In the last point, Epistemic Cognition left a deep impression on me.

So what is Epistemic Cognition? It is the process of knowing and, more precisely, the process of being aware, knowing, thinking, learning and judging.

A three-level model of cognitive processing to account for complex monitoring when individuals are faced with ill-structured problems, i.e., problems on which opposing or contradictory evidence and opinion exists, is proposed. At the first level, cognition, individuals compute, memorize, read, perceive, solve problems, etc. At the second, metacognitive level, individuals monitor their own progress when they are engaged in these first-order tasks. At the third level, epistemic cognition, individuals reflect on the limits of knowing, the certainty of knowing, and criteria of knowing. Epistemic assumptions influence how individuals understand the nature of problems and decide what kinds of strategies are appropriate for solving them. While cognitive and metacognitive processes appear to develop in childhood and are used throughout the life span, current research on adult reasoning suggests that epistemic cognitive monitoring develops in the late adolescent and adult years.

A very important feature of the human cognitive architecture, and probably an essential feature of any cognitive architecture able to function efficiently in a complex and rapidly changing environment, is that beliefs and decisions need not be the product of explicit reasoning. Suppose I toss an apple to you and you catch it. How did you do that? You certainly did not do it by measuring distances and velocities and computing parabolic trajectories. Perhaps you could have done it that way, but it would have been much too slow and you would not have caught the apple. Instead, humans and higher animals have a built-in cognitive module whose purpose is to rapidly produce predictions of trajectories. We rely upon that in forming beliefs about where the apple is going to be when we try to catch it.

That epistemic cognition is interest driven is the simplest way in which it is influenced by practical cognition. Epistemic cognition and practical cognition are not separable modules. Only the lowest level of epistemic cognition can proceed without the intervention of practical cognition, and even then our epistemic pursuits are interest-driven. Architecture for epistemic cognition cannot be evaluated independently of its interactions with practical cognition. They jointly form a cognitive architecture, and what makes the epistemic parts of it good or bad is how they contribute to the functioning of the whole architecture. This cannot be evaluated by anything so simple as its propensity to produce true beliefs. At the very least, epistemic cognition must produce beliefs that are useful to agent, and what makes them useful is their role in facilitating the solution to practical problems. It is not obvious that beliefs must be literally true for this purpose, and it is clear that merely being true is not enough to make beliefs useful.

References:

wiki

http://en.wikipedia.org/wiki/Epistemology

http://en.wikipedia.org/wiki/Cognitive_science

video

http://www.youtube.com/watch?v=FC0Hw1vAP0c&feature=related

http://www.youtube.com/watch?v=RZS-uMFPZaE&feature=related

A large part of students’ success in science education has been thought to depend on how they understand knowledge and knowing, considering relativistic-based thinking as a necessary achievement for science learning. Therefore, knowing how our mind works will help ourselves in the process of learning and creating new things.